While the internet delivers small businesses so much good, unfortunately the chances of a cyber security incident pulling the rug from beneath their feet are high.

Cyber security threats

The Australian Cyber Security Centre doesn't mince its words — it says experiencing a cyber security incident is not a matter of if but when, and what type.

It found that 90 per cent of organisations faced some form of attempted or successful cyber security compromise during the 2015–16 financial year.[3]

Cyber security threats come in many shapes and sizes — and there are becoming increasingly sophisticated.

Ransomware

Let me give you a quick sample, starting with ransomware — one of the most frequent and damaging types of malware.[4]

The WannaCry and Petya ransomware campaigns drive home the reality that cyber criminals can and do cause widespread and indiscriminate damage.

Australia was fortunate that it didn't suffer as much as other countries, but there were Australian victims. And, unfortunately, they were mostly small businesses.

Ransomware can spread in a range of ways. In the case of WannaCry and Petya, the malware spread through computers whose Microsoft operating systems had not been updated.

But they can also be spread through emails.

All it can take is one click on an email attachment or link to download the ransomware, bringing a system to a grinding halt.

Once present on a computer the ransomware encrypts the data and demands payment — usually in bitcoin — for its release.

But, even for those who pay up, there's no guarantee they'll recover their systems.

So it's important that businesses ensure their software is up-to-date and their information is regularly backed up to an external source.

Unfortunately ransomware is something we're only going to see more of — the Australian Competition and Consumer Commission (ACCC)'s scam activity report reveals the number of ransomware emails to businesses is increasing.[5]

Spear-phishing

The Australian Cyber Security Centre also lists spear-phishing as a threat — one that is becoming more convincing and difficult to spot.[6]

Rather than a casting out a wide net, spear-phishing is a carefully crafted and highly personalised form of cybercrime.

A small businesses owner may receive an email which appears to be from a familiar contact.

It might have correct signature block, relevant details about a project and it may have an attachment or zip file which appears to be a PDF.

However, opening the malicious attachment triggers the planting of malware — which can lead to a world of pain.

Small business initiatives

These cybercrime examples all lead to the same conclusion: prevention is better than cure.

The Australian Cyber Security Centre says the costs of compromise are almost certainly more expensive than preventative measures.[7]

According to a Norton survey, Australian small business operators suffered an average financial loss of just under $6,600 per incident.

But the costs add in other ways, too.

Small businesses said they felt most impact of cyber security incidents through downtime, the expense of re-doing work, inconvenience, and data loss.[8]

Damage to reputation is, of course, also a lingering factor.

Despite this, the challenge for all of us here today is that cyber security is often a low priority for small businesses with limited resources.

Stay Smart Online says some of the cyber security downfalls for small businesses include unaware staff, out-of-date software and no back-ups.[9]

The Norton Survey said 'almost a quarter of small businesses have no internet security solution, many have no professional IT support and little interest in cyber insurance.'[10]

As a former small business owner, this is understandable but also concerning.

Grants

That's why the Government is taking action to assist small businesses so they can better secure themselves from cyber threats.

We are providing grants of up to $2,100 to co-fund small businesses to have their cyber security tested by CREST ANZ-approved service providers.[11]

The grants — expected to open for applications this financial year — will enable around 5,000 small businesses to test their cyber security resilience.

Webinars

We are also ramping up awareness within the small business community through a series of cyber security webinars.[12]

The Australian Small Business and Family Enterprise Ombudsman, Kate Carnell, said just about every business with a physical shopfront has an alarm and takes security precautions, but not every business is aware of cyber security.[13]

We need to change that.

The Entrepreneurs' Programme — an initiative of the National Innovation and Science Agenda — will continue to deliver a five-part webinar series over the next few months.

The webinars come on the back of a set of special cyber security resources which I released earlier this year.